A simple FileHandler which supports working with detached PGP signatures.
It provides actions to:
Create a signature over any other data file with a known private key.
Verify a PGP signature by a known public key over any other data file.
This FileHandler makes some assumptions:
Signatures are stored in a file of their own, separate from the data being signed, usually with an extension of .sig.
The signature file contains the signature in ASCII encoded format.
The base name of the signature file matches the file over which the signature should be calculated: download.zip.sig contains a signature for the contents of the file download.zip.
Opening the signature file in this FileHandler will load the signature and display some status information along with the name of the target file derived from the base filename.
Verification can then be started by pressing the corresponding button. This verifies the signature over the target file's contents and displays the result along with a message that helps with interpretation.
Verification is disabled if the target file cannot be found. The target file must be located in the same directory as the signature file itself.
Depending on the size of the target file, verification can take a long time. A status message indicates the running computation, but there is currently no support for aborting it.
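The checks described above (target derived from the signature's base name, same directory, ASCII-armored content, interpreted result), as an added example that is not this FileHandler's own code. It assumes the gpg command-line tool as the verification backend with the signer's public key already in its keyring; all function names are hypothetical.

```python
# Added illustration: hypothetical names, gpg CLI stands in for the PGP backend.
import subprocess
from pathlib import Path

ARMOR_HEADER = "-----BEGIN PGP SIGNATURE-----"

# GnuPG --status-fd keywords mapped to a message that helps interpretation.
VERDICTS = {
    "BADSIG": "BAD: the file does not match the signature",
    "ERRSIG": "UNKNOWN: signature could not be checked (missing public key?)",
    "EXPSIG": "WARNING: the signature has expired",
    "EXPKEYSIG": "WARNING: signed by an expired key",
    "REVKEYSIG": "WARNING: signed by a revoked key",
    "GOODSIG": "GOOD: signature matches the file",
}

def target_for(sig_path):
    """Target = signature name minus its last extension, same directory only."""
    sig = Path(sig_path)
    target = sig.with_suffix("")          # download.zip.sig -> download.zip
    if not sig.suffix or not target.is_file():
        return None                       # verification stays disabled
    return target

def is_armored(sig_path):
    """True if the file holds an ASCII-armored signature block."""
    text = Path(sig_path).read_text(errors="replace")
    return ARMOR_HEADER in text

def interpret(status_output):
    """Pick the most severe verdict found in gpg's machine-readable status lines."""
    seen = {line.split()[1] for line in status_output.splitlines()
            if line.startswith("[GNUPG:] ") and len(line.split()) > 1}
    for keyword, message in VERDICTS.items():   # dict is ordered worst-first
        if keyword in seen:
            return message
    return "UNKNOWN: no signature status reported"

def verify(sig_path):
    """Run gpg on signature + derived target; needs gpg and the public key."""
    target = target_for(sig_path)
    if target is None or not is_armored(sig_path):
        return "DISABLED: target file missing or signature not ASCII-armored"
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", str(sig_path), str(target)],
        capture_output=True, text=True)
    return interpret(proc.stdout)
```

Reading the status lines rather than only the exit code lets the caller tell a signature that does not match apart from one that could not be checked at all.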
In case a new signature has been created, saving will be enabled if allowed by the configuration.
As this FileHandler supports modification and saving of the loaded data, it is an editor by nature.
Passphrases are required when a private key needs to be accessed from the configured keystore. Such access is only necessary for security-relevant operations such as signing and decryption, so a passphrase is only requested when such an operation is performed.
To ease general usage, it is possible to cache the passphrase for a customizable amount of time. If the same private key needs to be accessed again within that time frame, the cached passphrase can be reused and the user won't need to re-enter it.
On the other hand, it is also possible to explicitly clear the cached passphrase from memory. This prevents it from being obtained by other software which might be scanning the memory for such sensitive information.